diff options
Diffstat (limited to 'app/controllers/api')
33 files changed, 125 insertions, 32 deletions
diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb index 025ab960e..740c8589a 100644 --- a/app/controllers/api/activitypub/activities_controller.rb +++ b/app/controllers/api/activitypub/activities_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::ActivitiesController < ApiController +class Api::Activitypub::ActivitiesController < Api::BaseController include Authorization # before_action :set_follow, only: [:show_follow] diff --git a/app/controllers/api/activitypub/notes_controller.rb b/app/controllers/api/activitypub/notes_controller.rb index ff9383413..783c1c4ed 100644 --- a/app/controllers/api/activitypub/notes_controller.rb +++ b/app/controllers/api/activitypub/notes_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::NotesController < ApiController +class Api::Activitypub::NotesController < Api::BaseController include Authorization before_action :set_status diff --git a/app/controllers/api/activitypub/outbox_controller.rb b/app/controllers/api/activitypub/outbox_controller.rb index 7b6cbdd38..0738d7dee 100644 --- a/app/controllers/api/activitypub/outbox_controller.rb +++ b/app/controllers/api/activitypub/outbox_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::OutboxController < ApiController +class Api::Activitypub::OutboxController < Api::BaseController before_action :set_account respond_to :activitystreams2 diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb new file mode 100644 index 000000000..c1b2ec3cf --- /dev/null +++ b/app/controllers/api/base_controller.rb @@ -0,0 +1,93 @@ +# frozen_string_literal: true + +class Api::BaseController < ApplicationController + DEFAULT_STATUSES_LIMIT = 20 + DEFAULT_ACCOUNTS_LIMIT = 40 + + include RateLimitHeaders + + skip_before_action :verify_authenticity_token + skip_before_action :store_current_location + + rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e| + render json: { error: e.to_s }, status: 422 + end + + rescue_from ActiveRecord::RecordNotFound do + render json: { error: 'Record not found' }, status: 404 + end + + rescue_from Goldfinger::Error do + render json: { error: 'Remote account could not be resolved' }, status: 422 + end + + rescue_from HTTP::Error do + render json: { error: 'Remote data could not be fetched' }, status: 503 + end + + rescue_from OpenSSL::SSL::SSLError do + render json: { error: 'Remote SSL certificate could not be verified' }, status: 503 + end + + rescue_from Mastodon::NotPermittedError do + render json: { error: 'This action is not allowed' }, status: 403 + end + + def doorkeeper_unauthorized_render_options(error: nil) + { json: { error: (error.try(:description) || 'Not authorized') } } + end + + def doorkeeper_forbidden_render_options(*) + { json: { error: 'This action is outside the authorized scopes' } } + end + + protected + + def set_pagination_headers(next_path = nil, prev_path = nil) + links = [] + links << [next_path, [%w(rel next)]] if next_path + links << [prev_path, [%w(rel prev)]] if prev_path + response.headers['Link'] = LinkHeader.new(links) + end + + def limit_param(default_limit) + return default_limit unless params[:limit] + [params[:limit].to_i.abs, default_limit * 2].min + end + + def current_resource_owner + @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token + end + + def current_user + current_resource_owner || super + rescue ActiveRecord::RecordNotFound + nil + end + + def require_user! + current_resource_owner + set_user_activity + rescue ActiveRecord::RecordNotFound + render json: { error: 'This method requires an authenticated user' }, status: 422 + end + + def render_empty + render json: {}, status: 200 + end + + def set_maps(statuses) # rubocop:disable Style/AccessorMethodName + if current_account.nil? + @reblogs_map = {} + @favourites_map = {} + @mutes_map = {} + return + end + + status_ids = statuses.compact.flat_map { |s| [s.id, s.reblog_of_id] }.uniq + conversation_ids = statuses.compact.map(&:conversation_id).compact.uniq + @reblogs_map = Status.reblogs_map(status_ids, current_account) + @favourites_map = Status.favourites_map(status_ids, current_account) + @mutes_map = Status.mutes_map(conversation_ids, current_account) + end +end diff --git a/app/controllers/api/oembed_controller.rb b/app/controllers/api/oembed_controller.rb index 576188353..6e3e34d96 100644 --- a/app/controllers/api/oembed_controller.rb +++ b/app/controllers/api/oembed_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::OEmbedController < ApiController +class Api::OEmbedController < Api::BaseController respond_to :json def show diff --git a/app/controllers/api/push_controller.rb b/app/controllers/api/push_controller.rb index 75a1f757b..951867140 100644 --- a/app/controllers/api/push_controller.rb +++ b/app/controllers/api/push_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::PushController < ApiController +class Api::PushController < Api::BaseController def update response, status = process_push_request render plain: response, status: status diff --git a/app/controllers/api/salmon_controller.rb b/app/controllers/api/salmon_controller.rb index f611b48a0..e9e700b18 100644 --- a/app/controllers/api/salmon_controller.rb +++ b/app/controllers/api/salmon_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::SalmonController < ApiController +class Api::SalmonController < Api::BaseController before_action :set_account respond_to :txt diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb index dd2f42aab..d3ea98676 100644 --- a/app/controllers/api/subscriptions_controller.rb +++ b/app/controllers/api/subscriptions_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::SubscriptionsController < ApiController +class Api::SubscriptionsController < Api::BaseController before_action :set_account respond_to :txt diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb index 8f2ded29e..1cf52ff10 100644 --- a/app/controllers/api/v1/accounts/credentials_controller.rb +++ b/app/controllers/api/v1/accounts/credentials_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::CredentialsController < ApiController +class Api::V1::Accounts::CredentialsController < Api::BaseController before_action -> { doorkeeper_authorize! :write }, only: [:update] before_action :require_user! diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb index 3e9da29e3..81aae56d3 100644 --- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::FollowerAccountsController < ApiController +class Api::V1::Accounts::FollowerAccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb index 732961aac..63c6d54b2 100644 --- a/app/controllers/api/v1/accounts/following_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::FollowingAccountsController < ApiController +class Api::V1::Accounts::FollowingAccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb index d1a4f178b..cb923ab91 100644 --- a/app/controllers/api/v1/accounts/relationships_controller.rb +++ b/app/controllers/api/v1/accounts/relationships_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::RelationshipsController < ApiController +class Api::V1::Accounts::RelationshipsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! diff --git a/app/controllers/api/v1/accounts/search_controller.rb b/app/controllers/api/v1/accounts/search_controller.rb index 6d4c6e4cf..c4a8f97f2 100644 --- a/app/controllers/api/v1/accounts/search_controller.rb +++ b/app/controllers/api/v1/accounts/search_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::SearchController < ApiController +class Api::V1::Accounts::SearchController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 1e0d2a740..504ed8c07 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::StatusesController < ApiController +class Api::V1::Accounts::StatusesController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 3b23e996d..8fc0dd36f 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::AccountsController < ApiController +class Api::V1::AccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute] before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock, :mute, :unmute] before_action :require_user!, except: [:show] diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb index 54f8d40b2..98e908948 100644 --- a/app/controllers/api/v1/apps_controller.rb +++ b/app/controllers/api/v1/apps_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::AppsController < ApiController +class Api::V1::AppsController < Api::BaseController respond_to :json def create diff --git a/app/controllers/api/v1/blocks_controller.rb b/app/controllers/api/v1/blocks_controller.rb index d15cb439c..1702953cf 100644 --- a/app/controllers/api/v1/blocks_controller.rb +++ b/app/controllers/api/v1/blocks_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::BlocksController < ApiController +class Api::V1::BlocksController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/domain_blocks_controller.rb b/app/controllers/api/v1/domain_blocks_controller.rb index 772c04687..e93dc603b 100644 --- a/app/controllers/api/v1/domain_blocks_controller.rb +++ b/app/controllers/api/v1/domain_blocks_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::DomainBlocksController < ApiController +class Api::V1::DomainBlocksController < Api::BaseController BLOCK_LIMIT = 100 before_action -> { doorkeeper_authorize! :follow } diff --git a/app/controllers/api/v1/favourites_controller.rb b/app/controllers/api/v1/favourites_controller.rb index a74db92af..fe0819a3f 100644 --- a/app/controllers/api/v1/favourites_controller.rb +++ b/app/controllers/api/v1/favourites_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FavouritesController < ApiController +class Api::V1::FavouritesController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/follow_requests_controller.rb b/app/controllers/api/v1/follow_requests_controller.rb index 8a8d40d77..eed22ef4f 100644 --- a/app/controllers/api/v1/follow_requests_controller.rb +++ b/app/controllers/api/v1/follow_requests_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FollowRequestsController < ApiController +class Api::V1::FollowRequestsController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers, only: :index diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb index 67d823398..bcdb4e177 100644 --- a/app/controllers/api/v1/follows_controller.rb +++ b/app/controllers/api/v1/follows_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FollowsController < ApiController +class Api::V1::FollowsController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! diff --git a/app/controllers/api/v1/instances_controller.rb b/app/controllers/api/v1/instances_controller.rb index 51d92838a..ce2181879 100644 --- a/app/controllers/api/v1/instances_controller.rb +++ b/app/controllers/api/v1/instances_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::InstancesController < ApiController +class Api::V1::InstancesController < Api::BaseController respond_to :json def show; end diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb index 3d7dcef42..25a331319 100644 --- a/app/controllers/api/v1/media_controller.rb +++ b/app/controllers/api/v1/media_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::MediaController < ApiController +class Api::V1::MediaController < Api::BaseController before_action -> { doorkeeper_authorize! :write } before_action :require_user! diff --git a/app/controllers/api/v1/mutes_controller.rb b/app/controllers/api/v1/mutes_controller.rb index b9ac74176..2a353df03 100644 --- a/app/controllers/api/v1/mutes_controller.rb +++ b/app/controllers/api/v1/mutes_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::MutesController < ApiController +class Api::V1::MutesController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb index 1cd4ca40a..20b28776d 100644 --- a/app/controllers/api/v1/notifications_controller.rb +++ b/app/controllers/api/v1/notifications_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::NotificationsController < ApiController +class Api::V1::NotificationsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! after_action :insert_pagination_headers, only: :index diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb index e0f9ed232..71df76e92 100644 --- a/app/controllers/api/v1/reports_controller.rb +++ b/app/controllers/api/v1/reports_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::ReportsController < ApiController +class Api::V1::ReportsController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, except: [:create] before_action -> { doorkeeper_authorize! :write }, only: [:create] before_action :require_user! diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb index 1ee2589a0..8b832148c 100644 --- a/app/controllers/api/v1/search_controller.rb +++ b/app/controllers/api/v1/search_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::SearchController < ApiController +class Api::V1::SearchController < Api::BaseController RESULTS_LIMIT = 5 respond_to :json diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 7386d7158..53fb1619e 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::StatusesController < ApiController +class Api::V1::StatusesController < Api::BaseController include Authorization before_action :authorize_if_got_token, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite, :mute, :unmute] diff --git a/app/controllers/api/v1/streaming_controller.rb b/app/controllers/api/v1/streaming_controller.rb index 377951472..66b812e76 100644 --- a/app/controllers/api/v1/streaming_controller.rb +++ b/app/controllers/api/v1/streaming_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::StreamingController < ApiController +class Api::V1::StreamingController < Api::BaseController respond_to :json def index diff --git a/app/controllers/api/v1/timelines/home_controller.rb b/app/controllers/api/v1/timelines/home_controller.rb index 29e570fa5..511d2f65d 100644 --- a/app/controllers/api/v1/timelines/home_controller.rb +++ b/app/controllers/api/v1/timelines/home_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::HomeController < ApiController +class Api::V1::Timelines::HomeController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, only: [:show] before_action :require_user!, only: [:show] after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb index cd3663d5f..305451cc7 100644 --- a/app/controllers/api/v1/timelines/public_controller.rb +++ b/app/controllers/api/v1/timelines/public_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::PublicController < ApiController +class Api::V1::Timelines::PublicController < Api::BaseController after_action :insert_pagination_headers, unless: -> { @statuses.empty? } respond_to :json diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb index 0481f5deb..50afca7c7 100644 --- a/app/controllers/api/v1/timelines/tag_controller.rb +++ b/app/controllers/api/v1/timelines/tag_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::TagController < ApiController +class Api::V1::Timelines::TagController < Api::BaseController before_action :load_tag after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/web/settings_controller.rb b/app/controllers/api/web/settings_controller.rb index 7cceb0dfc..f6739d506 100644 --- a/app/controllers/api/web/settings_controller.rb +++ b/app/controllers/api/web/settings_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Web::SettingsController < ApiController +class Api::Web::SettingsController < Api::BaseController respond_to :json before_action :require_user! |